About libpurple's g_markup_escape_text() bug

Diego Bauche Madero diegobauche at gmail.com
Sun Oct 2 08:41:16 EDT 2011

Hi Elb,

I saw the CVE request, I was wondering if you guys are also going to
patch other code apart the SILC code after this...

PS: I hope not to get in any trouble because of my lousy way to
disclose this!, heh :). I do hope you guys know I meant no harm.


On Sat, Oct 1, 2011 at 3:46 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Diego Bauche Madero spake unto us the following wisdom:
>> In reality though, it's not that hard to find it (On a second try,
>> Just searching for "Security" did the trick), So it was actually just
>> my fault in any case (Searching for "Security" does the trick, getting
>> at the "SecurityVulnerabilityProcess" page). But I think it would be
>> helpful to include it inside the "Tips for Bug Reports" site in any
>> case so dumb users like me won't get lost.
> I have added a link to security@ on that page.  Thank you.
> Ethan
> Version: GnuPG v1.4.10 (GNU/Linux)
> iQEVAwUBTod8Ff8fixZ3H8crAQiBDggAtaOY7hrc6FMzqF3NuD2fC2c3QeBwYMLu
> NUvXWg0Ys4ZTt9OctEV9/nd5b28tSxnOYolfqS1h8rTCA5grIq0F16Y1hZ8X3wA5
> 7ZQrxVs39DYFIKfvc517A9AiBS1LMbG7mxPjxX95nPdfYq9Kp5Hz3P3Ikttq8URk
> s8lxcudSskTnRl5nFlgqVI11UfdTZ7LfCGpARBdbmw33z3wIzugEgy/ZmHJg7TSS
> +AlAo9J8R8E9RU4qBNwswrqv8eSv3xu7/0IUWtG5fN2+8gsuRtP7E/6OMgNcSlS5
> 9MjR5fGbKFVq92s2pwoFhNp4773sIaxWFz8fLsA065NUd0Qe/JyddQ==
> =+aL+

More information about the security mailing list